Description
I have an OpenID Connect provider (id-austria) that replies to a token request with an invalid ID token (only 2 parts, not 3).
Spring Security then tries to get the ID token from the user-info-uri. But that provider has no user-info-uri, since all user info is already in the token (parts 1+2).
Spring Security then logs "...ProviderManager: Authentication failed with provider OAuth2LoginAuthenticationProvider since [missing_user_info_uri] Missing required UserInfo Uri in UserInfoEndpoint for Client Registration: id-austria"
Expected Behavior
Spring Security should log the fallback behavior, e.g. "Invalid id-token provided, trying to retrieve it from UserInfoEndpoint for Client Registration: id-austria"
Current Behavior
After the token response (200 OK), Spring Security logs:
RestTemplate : Reading to [org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse] as "application/json;charset=UTF-8"
ProviderManager : Authentication failed with provider OAuth2LoginAuthenticationProvider since [missing_user_info_uri] Missing required UserInfo Uri in UserInfoEndpoint for Client Registration: id-austria
No info is given that this is a fallback mechanism triggered by the invalid id-token.
Context
I've enabled the following logs:
logging.level.org.springframework.security=DEBUG
logging.level.org.springframework.web=DEBUG
logging.level.org.springframework.security.web.FilterChainProxy=DEBUG
logging.level.org.springframework.security.oauth2.client=DEBUG
logging.level.org.springframework.security.oauth2.client.endpoint=TRACE
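To make the situation in this report reproducible offline, here is a small stand-alone diagnostic (added example code, not Spring Security's own implementation) that models the behavior the report describes: inspect the `id_token` from a token response, treat anything other than three dot-separated segments as malformed, log the fallback the reporter asks for, and then fail with `missing_user_info_uri` when the registration has no user-info-uri. The token response, the claims, the `id-austria` registration dict and the `build_sample_token` helper are constructed for the example; the "signature" segment is a placeholder, and the function only checks structure, it does not verify a signature.

```python
import base64
import json
import logging

log = logging.getLogger("oidc_diagnostic")

# Constructed sample data for the example (not from any real provider).
SAMPLE_HEADER = {"alg": "RS256", "typ": "JWT"}
SAMPLE_CLAIMS = {
    "iss": "https://idp.example",
    "sub": "user-123",
    "aud": "my-client",
    "given_name": "Max",
}


def _b64url_encode(data: bytes) -> str:
    # JWT segments use base64url without '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # Restore the padding that JWT segments omit before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def build_sample_token(claims: dict, parts: int = 3) -> str:
    """Build a constructed token with 2 (header.payload) or 3 segments.

    The third segment is a placeholder, not a real signature; it only gives
    the token the shape of compact JWS serialization.
    """
    segments = [
        _b64url_encode(json.dumps(SAMPLE_HEADER).encode()),
        _b64url_encode(json.dumps(claims).encode()),
    ]
    if parts == 3:
        segments.append(_b64url_encode(b"placeholder-not-a-signature"))
    return ".".join(segments)


def inspect_id_token(id_token: str) -> dict:
    """Classify an id_token by structure: only header.payload.signature counts
    as well formed. Header and claims are decoded when possible but are
    unverified either way; a two-part token carries no signature at all."""
    parts = id_token.split(".")
    result = {"parts": len(parts), "well_formed": len(parts) == 3,
              "header": None, "claims": None}
    if len(parts) >= 2:
        try:
            result["header"] = json.loads(_b64url_decode(parts[0]))
            result["claims"] = json.loads(_b64url_decode(parts[1]))
        except (ValueError, UnicodeDecodeError):
            pass  # undecodable segments: leave header/claims as None
    return result


def resolve_user_attributes(token_response: dict, registration: dict) -> dict:
    """Pick the user-attribute source for a login, logging the fallback.

    Returns {'source': 'id_token' | 'userinfo' | None, 'error': ...}.
    'unverified_claims' is only set when the ID token is structurally valid;
    a real client must still verify the JWS signature before trusting them.
    """
    reg_id = registration["registration_id"]
    id_token = token_response.get("id_token")
    if id_token is not None:
        info = inspect_id_token(id_token)
        if info["well_formed"]:
            return {"source": "id_token", "unverified_claims": info["claims"], "error": None}
        # The log line the report asks for: make the fallback visible.
        log.warning("Invalid id-token provided (%d parts, expected 3), trying to "
                    "retrieve it from UserInfoEndpoint for Client Registration: %s",
                    info["parts"], reg_id)
    user_info_uri = registration.get("user_info_uri")
    if not user_info_uri:
        log.error("[missing_user_info_uri] Missing required UserInfo Uri in "
                  "UserInfoEndpoint for Client Registration: %s", reg_id)
        return {"source": None, "unverified_claims": None, "error": "missing_user_info_uri"}
    return {"source": "userinfo", "unverified_claims": None, "error": None,
            "user_info_uri": user_info_uri}


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    # Constructed token response with a two-part id_token, as in the report.
    response = {"access_token": "opaque-access-token", "token_type": "Bearer",
                "id_token": build_sample_token(SAMPLE_CLAIMS, parts=2)}
    registration = {"registration_id": "id-austria"}  # no user_info_uri configured
    print(resolve_user_attributes(response, registration))
```

Running the `__main__` block prints the warning about the two-part token first and then the `missing_user_info_uri` error, which is the log sequence the report asks for: the fallback is explained before the failure it causes.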